By Gaurav Rishi, Head of Product, Kasten
The explosion of cloud-native adoption has thrust us into a new world of
technology and operations. To say that cloud native, and the ecosystem of
technologies that accompany it - containers, microservices, Kubernetes, etc. -
have been disruptive is an
understatement. There has been immense value creation in the process by a
growing number of cloud-native companies - the average value creation per year
(as measured by Market Cap increase since IPO) has been a staggering $29B/year
compared to the historical $4B/year that we saw with earlier generation
companies. Simply put, the adoption of Kubernetes as the container
control plane of choice coupled with the influence of DevOps is making a
sustained impact across industries to the point where it's redefining the
operations of entire industries.
Houston, there is a problem...
However, this influx of new infrastructure and applications has compounded the responsibilities of IT
and operations teams across development, deployment, and security functions.
The scale of Kubernetes environments and the ubiquity of multi-cluster usage
across development, operations and security teams, as well as across
availability zones, regions, clouds, and on-premises data centers makes this
challenge increasingly complex. The unfortunate byproduct of this is the
potential to create down range issues commonly associated with Day 2 operations
- gaps in data protection, security and compliance in particular. This is
further exacerbated by the fact that the ratio of applications to
operations team members is increasing - more to do with fewer people. Hardly a
day goes by without some news about vulnerabilities, exposed data, and
ransomware - issues that operations and IT teams need to get ahead of.
Rise of DevSecOps
One way to address these
risks is to push the critical elements of Data Management typically reserved
for Day 2 increasingly leftward, before applications are deployed, to ensure
that vital mistakes are identified and remedied before any significant damage
occurs. Additionally, there is a shift to a more collaborative mindset -
development and operations working together to embed security constructs right
from the start and maintaining that interlock continuously across the
deployment and operations cycle. From a Data Management perspective, a good
Kubernetes-native data solution needs to be developer friendly as well as
automate critical functions to allow the operations teams to scale. Data
Management functions like backup and compliance must allow entire applications
to be automatically discovered and protected so that not only is there
continuous protection but also a last line of defense to enable
recovery.
Compliance Can't be the Weakest Link
Organizations must not
only maintain compliance with key regulations, but also show proof of that
compliance. The alternatives, aside from introducing unchecked risks, are
facing fines from regulators, reputational damage, customer loss and business
disruption. Accordingly, procedures and strategies must be adapted to ensure
that cloud-native systems and applications, which rely on Kubernetes, meet the
same standards originally written for legacy IT architectures. The distributed
and dynamic nature of containerized applications might make this seem extremely
complex, but automating compliance and auditing at the application level is a
very real Kubernetes-native capability that can be done successfully at
cloud-native scale.
However, managing the
compliance of Kubernetes environments, again with legacy tooling, does not
work. Traditional security and compliance tools working at the hypervisor level
never see application activity in the cloud-native environment where the
application microservices are dynamically distributed across multiple servers
and hypervisors. Moreover, legacy tooling is not built for the agility,
flexibility and speed that cloud native offers and that are expected to support
DevOps processes - it can be extremely limiting for developers.
Operationalizing Data Management using Kubernetes-native constructs makes compliance strategies
significantly more seamless, balancing the needs of IT teams with the rigors of
industry standards and regulations. Application-centric data management,
instead of at the infrastructure or storage layers, can help organizations
maintain scale by ensuring business policy compliance without having to deal
with the practically limitless number of components that make up a modern
application environment.
Data Management Is No Longer Just A Production Task
Data Management for containerized applications is now being baked into the
fundamental building blocks for a faster path to production. The DevSecOps
stack now needs to contain Kubernetes-native Data Management capabilities so
that applications can be protected and the compliance concerns mentioned above
are proactively addressed. Additionally, the Data Management solution needs to
support forward-looking policies. These policies allow the runtime stack to
automatically detect when a new application is introduced into the Kubernetes
cluster and ensure that it is protected without any manual intervention from
the operations team. This shift-left approach to building data management
capabilities into a golden stack reduces compliance checks from days to hours
and allows for a regular tear-down and recreation of clusters, with the
application and data brought up in a matter of minutes, to ensure security best
practices.
Remedying the Skills Gap
Traditionally, IT roles
were specialized. Cross-functional skill sets were the domain of senior team
members. However, Kubernetes has fundamentally changed IT - not only has it
helped to usher in the era of DevSecOps, in many organizations today it serves
as the underpinning of virtually all IT roles - development, operations,
networking, security and storage. Once a Kubernetes-orchestrated container is
in production (or an application is made available to users), it becomes part
of an organization's operational fabric. Maintaining its uptime, and the business
functions that rely on it, becomes a critical mandate for the wider operations
team.
To alleviate the talent
gap, Kubernetes-native Data Management solutions must allow the applications to
be transparently backed up without requiring the operations team to know the
underlying details of the cloud-native application. There needs to be a way to
automatically discover the application components, their dependencies on the
underlying infrastructure such as storage classes, and also the Kubernetes objects.
Additionally, the operations teams need to have a choice of using
Kubernetes-native tooling such as Prometheus, etc. to automate Data Management
workflows while at the same time allowing for a simple user interface to enable
even the most novice of users to become productive.
Kubernetes-native
functionality that can help reprioritize data management operations so they
come earlier in the development process, coupled with automation to alleviate
resource constraints, should be a serious consideration for cloud-native
businesses. Properly integrated and operationalized Kubernetes-native data
management will accelerate the production journey by providing greater
visibility into Kubernetes systems and hiding some of the complexities of the
underlying platform that can make integrations difficult for inexperienced or
resource-strapped teams. The stronger the Kubernetes-native ecosystem becomes
beyond data management, security and compliance, the more robust and strategic
cloud-native infrastructure and containerized applications will become for an
organization.
To learn more about containerized infrastructure and cloud native technologies,
consider joining us at KubeCon + CloudNativeCon NA Virtual, November 17-20.
About the Author
Gaurav Rishi, Head of Product, Kasten
Gaurav Rishi is Head of Product at Kasten. He previously led Strategy and Product
Management for Cisco's Cloud Media Processing business. In addition to
launching multiple products and growing them to >$100M in revenues, he was
also instrumental in several M&A transactions. An engineer at heart, Gaurav
is a computer science graduate and has an MBA from the Wharton School.